5 browser extension rules to keep your system safe in 2025
Some people view browser extensions as a necessary piece of the puzzle, while others see them as a danger. So, how could something so small present such a problem for users?
Consider a recent report by Vulnerable U about data loss prevention service Cyberhaven, which discovered a Chrome extension used by over 400,000 of its customers contained code that stole their private/sensitive data. That extension was available for over 30 hours before it was taken down.
The malicious version of the extension included a spear-phishing email stating that it wasn’t in compliance with Google’s terms of use and would be revoked unless the developer took immediate action. If you clicked on the email link, a consent screen opened, requiring access permissions to an OAuth app named Privacy Policy Extension. This would then give an attacker access to upload a new, malicious version of the extension.
This familiar story is becoming more common: something as innocuous as an extension contains malicious code ready to steal your secrets and data. It’s harder to stay safe in the digital-first world. As far as browser extensions are concerned, sadly, the onus is on the end user to be vigilant about what they install on their machines.
With that in mind, how can you stay safe and avoid installing dangerous browser extensions?
Here are five ways to know if you can trust an extension.
1. Stick to the majors
My first rule is to only trust extensions released by major companies. That’s not to say a single developer or small team should be ruled out, but sticking to the majors is always the easiest route to ensuring you don’t get caught up in a malicious campaign.
But even major companies can wind up in such a situation, so how do you move forward?
2. Add what you need
My next rule is similar to one I use for mobile devices — only install things you need. I also tend to keep my browser extensions to a bare minimum.
You might see an extension that claims it can save you thousands of dollars during online shopping. However, the adage “If it sounds too good to be true, it probably is” applies. I can’t count the number of times I’ve had to remove shopping extensions from people’s browsers because they fell for that well-worn scheme. These extensions should not be trusted.
3. Do the groundwork
Next, do some research before you install an extension. Check for reviews and the number of downloads. If the number of downloads is small or there are very few reviews, avoid that extension.
4. Check the details
Always check to see when the extension was last updated. I tend to trust extensions that are regularly updated.
One of the issues with installing browser extensions that haven’t been updated in a while is that there are possible unpatched security vulnerabilities. As a rule of thumb, if a piece of software hasn’t been updated in the past 30 days, I immediately get suspicious and look into the developer to see if they’ve abandoned the project or have a suspect reputation.
5. Think about permissions
Finally, check the permissions an extension requires. For example, if you’re adding an extension with no reason to access keyboard input or your web camera, think twice about installing it.
In Chrome, point a tab to chrome://extensions. On any given extension you can click Details and view the permissions it requires. In Firefox, go to “Add-ons and themes” > Extensions and click on an extension. From the resulting page, click the Permissions tab and view the required permissions for the extension. If you see anything suspect, remove the extension immediately.
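As an added example (not part of the original article), the Python script below applies the same permission check to an extension's manifest.json, the file in which a Chrome or Firefox extension declares what it requests. The list of permissions to flag and the sample manifest are assumptions constructed for this illustration, not a browser-defined risk rating.

```python
import json

# Assumed review list, chosen for this example: real extension permission
# names that expose a lot of user data. Not a browser-defined risk rating.
SENSITIVE_APIS = {
    "cookies": "read and change cookies for permitted sites",
    "history": "read browsing history",
    "tabs": "see the URL and title of every open tab",
    "webRequest": "observe network requests",
    "clipboardRead": "read clipboard contents",
    "nativeMessaging": "talk to programs outside the browser",
    "debugger": "attach the debugger to any tab",
}
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
PERMISSION_KEYS = ("permissions", "optional_permissions",
                   "host_permissions", "optional_host_permissions")

# Constructed sample: manifest of a hypothetical shopping extension.
SAMPLE_MANIFEST = """{
  "name": "Example Coupon Helper",
  "manifest_version": 3,
  "version": "1.0",
  "permissions": ["storage", "cookies", "tabs"],
  "host_permissions": ["<all_urls>"],
  "content_scripts": [{"matches": ["https://*/*"], "js": ["content.js"]}]
}"""


def audit_manifest(manifest_text):
    """Return sorted (permission, reason) findings for one manifest.json."""
    manifest = json.loads(manifest_text)
    declared = set()
    # Manifest V2 mixes host patterns into "permissions"; V3 splits them out.
    for key in PERMISSION_KEYS:
        declared.update(p for p in manifest.get(key, []) if isinstance(p, str))
    # Content scripts get page access through their "matches" patterns.
    for script in manifest.get("content_scripts", []):
        declared.update(script.get("matches", []))
    findings = []
    for perm in declared:
        if perm in BROAD_HOSTS:
            findings.append((perm, "access to every site you visit"))
        elif perm in SENSITIVE_APIS:
            findings.append((perm, SENSITIVE_APIS[perm]))
    return sorted(findings)


if __name__ == "__main__":
    for perm, reason in audit_manifest(SAMPLE_MANIFEST):
        print(f"{perm}: {reason}")
```

A finding is a prompt to ask whether the extension's stated purpose needs that access, not proof that the extension is malicious.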
Unfortunately, this type of situation isn’t going to go away. No matter how diligent browser developers are about security, malicious actors are always one step ahead. Because of that issue, always ask yourself: Do I need this extension? If the answer is no… don’t install it.